Security Guide


Informatica® 10.4.0 Security Guide
Informatica Security Guide 10.4.0
December 2019

© Copyright Informatica LLC 2013, 2020

This software and documentation are provided only under a separate license agreement containing restrictions on use and disclosure. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) without prior consent of Informatica LLC.

U.S. GOVERNMENT RIGHTS
Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation is subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License.

Informatica, the Informatica logo, Informatica Cloud, PowerCenter, and PowerExchange are trademarks or registered trademarks of Informatica LLC in the United States and many jurisdictions throughout the world. A current list of Informatica trademarks is available on the web at https://www.informatica.com/trademarks.html. Other company and product names may be trade names or trademarks of their respective owners.

Portions of this software and/or documentation are subject to copyright held by third parties. Required third party notices are included with the product.

The information in this documentation is subject to change without notice. If you find any problems in this documentation, report them to us at [email protected].

Informatica products are warranted according to the terms and conditions of the agreements under which they are provided.
INFORMATICA PROVIDES THE INFORMATION IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT.

Publication Date: 2020-06-26

Table of Contents

Preface ..... 10
    Informatica Resources ..... 10
        Informatica Network ..... 10
        Informatica Knowledge Base ..... 10
        Informatica Documentation ..... 10
        Informatica Product Availability Matrices ..... 11
        Informatica Velocity ..... 11
        Informatica Marketplace ..... 11
        Informatica Global Customer Support ..... 11

Chapter 1: Introduction to Informatica Security ..... 12
    Overview of Informatica Security ..... 12
    Infrastructure Security ..... 13
        Authentication ..... 13
        Secure Domain Communication ..... 14
        Secure Data Storage ..... 15
    Operational Security ..... 15
    Domain Configuration Repository ..... 15
    Security Domain ..... 16

Chapter 2: User Authentication ..... 17
    User Authentication Overview ..... 17
    Native User Authentication ..... 18
    LDAP User Authentication ..... 18
    Kerberos Authentication ..... 19
    SAML Authentication for Informatica Web Applications ..... 19

Chapter 3: LDAP Authentication ..... 20
    Overview ..... 20
    LDAP Security Domains ..... 20
    User Account Synchronization ..... 21
    LDAP Directory Services ..... 21
    Azure Active Directory for Secure LDAP Authentication ..... 22
    Creating an LDAP Configuration ..... 23
        Create the LDAP Configuration and Configure the LDAP Server Connection ..... 23
        Configure the Security Domain ..... 25
        Configure the Synchronization Schedule ..... 26
        Using Nested Groups in the LDAP Directory Service ..... 27
        Using a Self-Signed SSL Certificate ..... 28
    Deleting an LDAP Configuration ..... 28

Chapter 4: Kerberos Authentication ..... 29
    Kerberos Overview ..... 29
    How Kerberos Works in an Informatica Domain ..... 30
    Kerberos Cross Realm Authentication ..... 32
    Converting a Domain From Kerberos Single Realm Authentication to Kerberos Cross Realm Authentication ..... 32
    Preparing to Enable Kerberos Authentication ..... 33
        Determine the Kerberos Service Principal Level ..... 33
        Configure the Kerberos Configuration File ..... 34
        Create Kerberos Principal Accounts in Active Directory ..... 37
        Generate the Service Principal Name and Keytab File Name Formats ..... 38
        Generate the Keytab Files ..... 43
        Enable Delegation for the Kerberos Principal User Accounts in Active Directory ..... 47
    Enabling Kerberos Authentication ..... 48
        Enable Kerberos Authentication in the Domain ..... 49
        Update the Nodes in the Domain ..... 51
    Enabling Kerberos on Informatica Nodes ..... 52
        Copy the Keytab Files to the Informatica Nodes ..... 53
        Enable Kerberos Authentication for Informatica Clients ..... 54
    Enabling User Accounts to Use Kerberos Authentication ..... 55
        Import User Accounts from Active Directory into LDAP Security Domains ..... 55
        Migrate Native User Privileges and Permissions to the Kerberos Security Domain ..... 58

Chapter 5: SAML Authentication for Informatica Web Applications ..... 60
    SAML Authentication Overview ..... 60
    SAML Authentication Process ..... 61
    Enable SAML Authentication in a Domain ..... 61
        Create an LDAP Configuration for the Identity Provider or LDAP Store ..... 62
        Export the Assertion Signing Certificate ..... 62
        Import the Certificate into the Truststore Used for SAML Authentication ..... 62
        Configure the Identity Provider ..... 63
        Add Informatica Web Application URLs to the Identity Provider ..... 63
        Enable SAML Authentication in the Domain ..... 63
        Enable SAML Authentication on the Gateway Nodes ..... 65
    Configuring Web Applications to Use Different Identity Providers ..... 67
        Prepare to Use an Identity Provider ..... 67
        Configure Informatica Administrator to Use an Identity Provider ..... 67
        Configure an Informatica Web Application ..... 69

Chapter 6: Domain Security ..... 71
    Domain Security Overview ..... 71
    Secure Communication Within the Domain ..... 72
        Secure Communication for Services and the Service Manager ..... 72
        Secure Domain Configuration Repository Database ..... 78
        Secure PowerCenter Repository Database ..... 80
        Secure Model Repository Database ..... 80
        Secure Communication for Workflows and Sessions ..... 81
    Secure Connections to a Web Application Service ..... 82
        Requirements for Secure Connections to Web Application Services ..... 82
        Enabling Secure Connections to the Administrator Tool ..... 83
        Informatica Web Application Services ..... 83
    Cipher Suites for the Informatica Domain ..... 86
        Create the Cipher Suite Lists ..... 86
        Configure the Informatica Domain with a New Effective List of Cipher Suites ..... 87
    Secure Sources and Targets ..... 88
        Data Integration Service Sources and Targets ..... 88
        PowerCenter Sources and Targets ..... 89
    Secure Data Storage .....